
1 Linux and UNIX Overview

2 Linux and UNIX
• Linux and UNIX OSs are…
  o Often targets for attacks
  o Often used for launching attacks
• So we need to understand the basics

3 UNIX
• A "beautiful but strange beast"
  o Developed as a research project at AT&T Bell Labs (1969)
  o More than 35 years old
  o The Internet was built on UNIX
  o More recently, popular for desktops, etc.

4 UNIX
• It's beautiful because…
  o It's powerful
• Millions of people have worked on it
  o Huge numbers of useful tools
  o Has "been around the block" more than once
  o Closely associated with open source
  o Admins can find lots of useful tools

5 UNIX
• Strange because there are so many UNIX OSs
• Popular variants include
  o Solaris by Sun
  o Mac OS X by Apple
  o HP-UX by HP
  o IRIX by SGI
  o AIX by IBM
  o FreeBSD, free open source
  o OpenBSD, self-described as "the #1 most secure" OS

6 UNIX
• Differences between UNIX variants
  o File system organization
  o System calls, commands, command options, etc.
• Two main "lines" of UNIX
  o AT&T (System V) and BSD
• But some UNIX variants are combinations of the two

7 Linux
• Developed by Linus Torvalds
  o Technically, not a variant of UNIX
  o Created without using any of the underlying UNIX code
  o A "UNIX-like environment"
  o Strictly speaking, "Linux" is just the kernel
  o Many Linux "distros": Debian, Gentoo, Mandrake, Red Hat, Slackware, SuSE, etc.

8 UNIX
• Here, generic UNIX/Linux concepts
  o Things that apply to most UNIX/Linux systems
• UNIX is also strange because
  o It was not designed for ease of use
  o Think command line, not GUI
  o Ironically, much simpler than Windows…
• If you think Windows is easier, you don't know Linux…
• …and you don't know Windows

9 UNIX
• Here, we focus on generic "UNIX"
  o Things that apply to most variants
• The book uses "UNIX" and "Linux" interchangeably
• Here, we only scratch the surface
• For more info
  o Linux Administration Handbook, by Nemeth et al.
  o Man pages

10 Architecture
• File system
  o Like traveling through a city…
  o Directories are like signs leading you to "buildings" (files)
• Many things are treated as files
  o Devices, elements of processes, regular files

11 File System
• Top is the root directory: / == "slash"
  o "cd /" takes you to root
  o For example: /home/fred/hack.txt
• File hack.txt in directory /home/fred

12 Important Directories
• / == root (top level), called "slash"
• /bin, /sbin == critical system executables
• /dev == devices: terminals, CD, disks, etc.
• /etc == system config files
  o Accounts, password hashes, network addresses, etc.
• /home == user home directories

13 Important Directories
• /lib == shared libraries for programs
• /mnt == temporary mount point for other file systems and removable devices (e.g., USB)
• /proc == images/data of current processes
  o A virtual file system, not on the hard drive: you can see what the kernel is doing
• /tmp == temporary files (writable by everyone)
• /usr == most installed programs, libraries, man pages, …
• /var == variable data, often for administration (log files, mail spools, …)

14 Important Directories
• "." is the current directory
• ".." is the parent directory
  o One level up
• "ls" lists the files in a directory, except those whose names start with "."
• "ls -a" lists the hidden "dot files" too, including "." and ".."

15 Kernel
• UNIX and Linux are modular
• The core is the kernel
  o Heart and brains of the OS
  o Deals with critical system functions
  o E.g., hardware interactions, resource allocation, …
  o Programs call on the kernel for these things

16 Processes
• For each program, the kernel starts a process
  o A process is like a "bubble that contains the guts of a running program"
  o The kernel creates the bubble, inflates it and tries to keep bubbles from popping each other
• User programs, admin tools, services (e.g., Web, email) are processes
  o There may be 100s to 1000s of active processes
  o The kernel juggles these onto the CPU and manages memory

17 Processes
• High-level view of the architecture (figure not included in the transcript)

18 Processes
• Many processes run in the background
• They perform system-critical functions
  o Printing, network activity, etc.
• Known as "daemons"
  o Pronounced "day-muns" or "dee-muns"
  o Named based on their function
  o E.g., the SSH daemon is sshd

19 Automatic Processes
• Booting: the kernel starts the init daemon (PID 1)
  o Finishes the boot process
  o On most current Linux distributions the role of init is played by systemd
• init starts many network processes
  o httpd --- Web server, for HTTP/HTTPS
  o sshd --- SSH service
  o sendmail --- common UNIX email server
  o NFS --- Network File System for sharing files between UNIX systems

20 Network Services
• A network service listens on the network
  o A Web server listens on TCP port 80 (443 for HTTPS)
  o An email (SMTP) server listens on TCP port 25
• They wait for incoming traffic
• Lots of email/Web traffic, so they listen constantly
• What about, say, FTP?

21 Network Services
• To improve efficiency…
• An "Internet daemon" listens for uncommon services
  o inetd ("I-Net-D") or xinetd
• When traffic arrives, inetd activates the appropriate service
• Uncommon services: echo, chargen, ftpd, telnetd, rsh, rlogin, TFTP, …

22 inetd
• File /etc/inetd.conf tells inetd what services to listen for; each line must specify
  o Service name --- e.g., telnet (port defined in /etc/services)
  o Socket type --- stream or dgram
  o Protocol --- usually tcp or udp
  o Wait status --- wait: one process handles all connections; nowait: inetd spawns a new one per connection
  o User name --- the account the service runs as
  o Server program and its arguments
• inetd.conf is a target of attacks
  o Any line an attacker adds becomes a network service; a line whose server program is /bin/sh is a back door
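The field layout above is what an auditor actually reads when checking a host. The following script is an added example and not part of the slides: it parses inetd.conf-style lines and flags entries that spawn a shell or interpreter (the classic inetd back door) and entries that run as root. The sample configuration is constructed, including the `ingreslock` back-door line; on a real host you would pass the contents of /etc/inetd.conf instead.

```shell
#!/bin/sh
# Added example, not from the slides: audit inetd.conf-style lines.
# Field order, per inetd.conf(5): service socket-type protocol wait/nowait user server args
# The sample below is constructed; on a real host feed it "$(cat /etc/inetd.conf)".
SAMPLE_INETD_CONF='# service   socktype proto wait   user   server             args
ftp         stream   tcp   nowait root   /usr/sbin/ftpd     ftpd -l
telnet      stream   tcp   nowait root   /usr/sbin/telnetd  telnetd
tftp        dgram    udp   wait   nobody /usr/sbin/tftpd    tftpd -s /tftpboot
ingreslock  stream   tcp   nowait root   /bin/sh            sh -i
'

# audit_inetd TEXT: print one "LEVEL service reason" line per finding.
#  CRITICAL: the server program is a shell or interpreter. No real network
#            service is /bin/sh; this is the classic inetd back door (a root
#            shell handed to whoever connects to that port).
#  WARN:     the service runs as root, so any bug in it is a remote root bug.
audit_inetd() {
    printf '%s' "$1" | while read -r svc socktype proto wait user server args; do
        case "$svc" in ''|'#'*) continue ;; esac      # skip blank lines and comments
        case "$server" in
            */sh|*/bash|*/ksh|*/csh|*/perl|*/python*|*/nc|*/netcat)
                printf 'CRITICAL %s spawns %s as %s\n' "$svc" "$server" "$user" ;;
        esac
        if [ "$user" = root ]; then
            printf 'WARN %s runs as root (%s)\n' "$svc" "$server"
        fi
    done
    return 0
}

audit_inetd "$SAMPLE_INETD_CONF"
```

The service name is whatever the attacker chooses; the tell-tale is the server-program column, so the check keys on that rather than on the name. xinetd uses a different per-service file format, but the same two questions (what program, which user) apply.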

23 inetd
• Relationship between inetd and other daemons (figure not included in the transcript)

24 cron
• The cron daemon
  o Schedules programs to run at predetermined times
  o For example, back up files at 3am
• Attackers also like cron
  o E.g., shut down a critical service at a particular time as part of a back door

25 Processes
• Can also start processes manually
• The "path" is searched for the command
• To see the path: echo $PATH (in sh/bash; csh uses $path)
  o Dangerous to have "." in the path
  o Why? A file named like a common command, planted in the current directory, runs instead of the real one
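To make the "." in PATH danger concrete, here is an added example (not from the slides). It creates a scratch directory holding a trojan named `ls`, then runs the word `ls` from inside that directory twice: once with "." first in PATH and once without it. The helper `path_has_dot` is mine and also treats an empty entry (a leading, trailing or doubled ":") as "current directory", which is how the shell interprets it.

```shell
#!/bin/sh
# Added example, not from the slides: what "." in PATH actually does.
# Plants a trojan named "ls" in a scratch directory, then runs the command "ls"
# from there once with "." first in PATH and once without "." at all.

# path_has_dot PATH_STRING -> prints "unsafe" if "." or an empty entry is present.
# An empty entry (PATH=/bin::/usr/bin, or a trailing ":") also means "current directory".
path_has_dot() {
    case ":$1:" in
        *:.:*|*::*) echo unsafe ;;
        *)          echo safe ;;
    esac
}

# demo_dot_in_path -> two lines showing which program the word "ls" resolved to.
# Runs in a subshell so the cd does not leak into the caller.
demo_dot_in_path() (
    tmp=$(mktemp -d) || exit 1
    # The trojan. A real one would do its work silently and then exec the genuine
    # command so the victim still sees a normal listing.
    printf '#!/bin/sh\necho TROJAN-RAN-AS-$(id -un)\n' > "$tmp/ls"
    chmod 755 "$tmp/ls"
    cd "$tmp" || exit 1
    # "." first: the shell finds ./ls before /bin/ls.
    unsafe=$(PATH=".:/usr/bin:/bin" /bin/sh -c 'ls')
    # No ".": the real ls runs and lists the directory (which holds only the trojan).
    safe=$(PATH="/usr/bin:/bin" /bin/sh -c 'ls')
    cd / && rm -rf "$tmp"
    printf 'unsafe PATH ran: %s\nsafe PATH ran:   %s\n' "$unsafe" "$safe"
)

demo_dot_in_path
```

The same trick works for root: an administrator who runs `ls` inside an attacker-writable directory such as /tmp with "." in PATH executes the attacker's file with root's privileges. Putting "." last instead of first only narrows the attack to command names that do not exist on the system (typos like `sl`).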

26 Interacting with Processes
• Each process has a process ID (PID)
• To get info on current processes
  o "ps aux" (all running processes, BSD syntax) or "ps -ef" (System V syntax)
  o "lsof" (list open files, which includes network sockets)
• Can send a signal to a process
  o TERM to terminate, HUP to "hang up" (a daemon often rereads its config on HUP)
  o Sent with the kill command (by PID) or killall (by name)

27 Accounts
• Need an account to log in
• A process runs with the permissions of a given account
• /etc/passwd file
  o One line for every account, e.g.,
  o sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false

28 Passwd File
• Each line contains, separated by colons
  o Login name
  o Hashed/encrypted password (or a placeholder such as "x" or "*" when the hash is kept elsewhere)
  o UID number --- number assigned to the account, used to determine permissions of its processes
  o Default GID --- default group number
  o GECOS info --- not used by the system; full name, etc.
  o Home directory --- directory after login
  o Login shell --- sh, bash, csh, ksh, or another program

29 Passwd File
• The passwd file is world readable
  o Attackers like to know hashed passwords
  o Used for password guessing
• Most modern UNIX systems do not include hashed passwords in the passwd file
  o Instead, they are in the "shadow" passwd file, /etc/shadow
  o Requires super-user privilege to access
• So the passwd file contains no passwords…

30 Password File
• After much searching…
• Found my OS X hashed password is
  o 0x3BBC2A94D59EB1D5D3452EA6FA47399B2A25664C
• Where SHA1 hash is used, with salt
  o 0x8429A223
• Extra credit: Find my password!
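The "extra credit" is ordinary offline password guessing: hash each candidate with the same salt and compare. The script below is an added example, not from the slides. It assumes (my assumption, not stated on the slide) that the digest is SHA1(salt || password) with the 4-byte salt prepended as raw bytes, which is the construction Mac OS X 10.4 used for its salted SHA-1 hashes. The wordlist is a constructed four-word file; the function is verified by hashing a known word with the slide's salt and recovering it, then the slide's real hash is tried against the same tiny list, which is expected to fail.

```shell
#!/bin/sh
# Added example, not from the slides: password guessing against a salted SHA-1.
# Assumption (mine): digest = SHA1(salt || password), 4-byte binary salt,
# as in Mac OS X 10.4's salted SHA-1 hashes.

# sha1_hex: SHA-1 of stdin as 40 lowercase hex chars (coreutils sha1sum, or shasum on macOS).
sha1_hex() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum | cut -c1-40
    else
        shasum -a 1 | cut -c1-40
    fi
}

# salted_sha1 SALT_OCTAL PASSWORD -> hex digest.
# SALT_OCTAL is the salt as printf octal escapes, e.g. '\204\051\242\043' for 0x8429A223.
salted_sha1() {
    { printf "$1"; printf '%s' "$2"; } | sha1_hex
}

# crack_salted_sha1 SALT_OCTAL TARGET_HEX WORDLIST_FILE
# Prints the matching word and returns 0, or returns 1 when the list is exhausted.
crack_salted_sha1() {
    target=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    while IFS= read -r word || [ -n "$word" ]; do
        if [ "$(salted_sha1 "$1" "$word")" = "$target" ]; then
            printf '%s\n' "$word"
            return 0
        fi
    done < "$3"
    return 1
}

# The slide's salt and hash.
SLIDE_SALT='\204\051\242\043'      # bytes 0x84 0x29 0xA2 0x23
SLIDE_HASH='3BBC2A94D59EB1D5D3452EA6FA47399B2A25664C'

# Constructed wordlist (not from the slides).
WORDLIST=$(mktemp)
printf 'password\n123456\nletmein\nqwerty\n' > "$WORDLIST"

# Self-check: hash a word we know with the slide's salt, then recover it from the list.
KNOWN=$(salted_sha1 "$SLIDE_SALT" letmein)
crack_salted_sha1 "$SLIDE_SALT" "$KNOWN" "$WORDLIST"
# The real target against the same tiny list: expect "not in wordlist".
crack_salted_sha1 "$SLIDE_SALT" "$SLIDE_HASH" "$WORDLIST" || echo "slide hash: not in wordlist"
rm -f "$WORDLIST"
```

The salt does its job here: the same wordlist has to be rehashed for every user, so precomputed tables are useless. What it does not do is slow down a guess, which is why a fast unsalted-style hash such as SHA-1 was replaced by deliberately slow constructions (bcrypt, PBKDF2) in later systems.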

31 Groups
• Group users together
• Assign permissions to the group
• Stored in file /etc/group; the format is
  o Group name
  o Hashed group password --- almost never used
  o GID number --- used by the system instead of the group name
  o Group members --- by login names

32 Root
• The root account is the all-powerful user
• Maximum privilege --- can read or write any file
• Root == superuser or "God"
• UID == 0
  o "root" could be called anything, provided the UID is 0
  o There can be multiple UID-0 accounts; an extra one is a classic back door, so check for them
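The passwd format (slide 28) and the "any UID 0 is root" rule (slide 32) together give a quick account audit. The script below is an added example, not from the slides: it reads passwd-style lines and reports UID-0 accounts other than root, accounts with an empty password field, and accounts whose hash is kept in the world-readable passwd file rather than in the shadow file. The sample file is constructed (the sshd line is the one from slide 27; the `backdoor`, `guest` and `legacy` entries are mine).

```shell
#!/bin/sh
# Added example, not from the slides: audit /etc/passwd-style lines.
# Field order (passwd(5)): login:password:UID:GID:GECOS:home:shell
# Constructed sample, not a real system's file. On a live host use
# audit_passwd "$(cat /etc/passwd)" or the output of "getent passwd".
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false
fred:x:1000:1000:Fred:/home/fred:/bin/bash
backdoor:x:0:0:helper:/tmp:/bin/sh
guest::1001:1001:Guest:/home/guest:/bin/sh
legacy:$1$abc$x5Xl5d0eG9Mj2o3S1w4sY.:1002:1002:Legacy:/home/legacy:/bin/sh
'

# audit_passwd TEXT: one finding per line.
#  UID0    a second superuser account, whatever it is called
#  NOPASS  empty password field: login needs no password at all
#  HASH    a hash stored in passwd itself rather than "x", "*" or "!...":
#          every user on the box can read it and start guessing
audit_passwd() {
    printf '%s' "$1" | awk -F: '
        NF < 7 { next }                                  # malformed line, ignore
        $3 == 0 && $1 != "root"  { printf "UID0    %s (shell %s)\n", $1, $7 }
        $2 == ""                 { printf "NOPASS  %s\n", $1 }
        $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ {
            printf "HASH    %s password hash is world-readable\n", $1
        }
    '
}

audit_passwd "$SAMPLE_PASSWD"
```

Note that `toor` on the BSDs is a legitimate second UID-0 account, so on those systems the UID0 finding needs a whitelist; on Linux any second UID-0 entry deserves an explanation.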

33 Permissions
• Every file has an owner and a group
• The owner (or root) sets permissions
  o Permission sets: owner, group, everybody
  o For each of the 3: read, write, execute
  o Use "ls -l" to see permissions
-rw-r--r--  1 markstam markstam  767 Feb  6 19:31 cs286.txt
drwxr-xr-x 40 markstam markstam 1360 Jan 25 17:33 docs

34 Permissions (figure not included in the transcript)

35 Permissions
• Change permissions using chmod
  o "change modes"
• Give the new permissions in octal
  o For example: chmod 745 foo
  o This corresponds to: rwxr--r-x

36 SetUID
• Sometimes a user needs to access a file for which they do not have permissions
  o Example: changing a password (assuming hashes are stored in the shadow file)
• SetUID == Set User ID
• With this bit set, a program executes with the permissions of its owner
  o As opposed to the permissions of the user executing it
  o The password-changing program is SetUID root

37 SetUID
• Gives "common" users lots of power
  o OK if used in a controlled way for specific tasks
• The SetUID bit appears before the 9 standard permission bits
  o In fact, 3 additional bits
  o SetUID, SetGID, "sticky bit"
  o For example: chmod 4745 foo
  o Shows up in "ls -l" as an s:
-r-sr-xr-x 1 root wheel 75636 Jan 11 2007 /usr/bin/passwd

38 SetUID
• Attackers like SetUID programs
  o It may be possible to exploit flaws in the code (e.g., a buffer overflow) to elevate privilege
• New or modified SetUID programs may be evidence of an attack
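"New or modified SetUID programs may be evidence of an attack" is only actionable if you have a baseline to compare against. The script below is an added example, not from the slides: it lists SetUID files with `find -perm -4000`, saves the list, and reports anything SetUID that was not in it. It runs against a constructed directory tree built under mktemp so it is safe to execute; the stand-in `passwd` and the attacker's SetUID copy of /bin/sh are mine.

```shell
#!/bin/sh
# Added example, not from the slides: baseline the set-UID programs on a system
# and report any that appear later. Runs against a constructed directory tree;
# on a real host use "/" as the directory (and run it as root to see everything).

# list_setuid DIR -> sorted paths of regular files under DIR with the set-UID bit.
# "-perm -4000" matches files that have the set-UID bit, whatever the other bits are.
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# new_setuid BASELINE_FILE DIR -> paths that are set-UID now but absent from the baseline.
new_setuid() {
    list_setuid "$2" | comm -13 "$1" -
}

demo_setuid_baseline() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/usr/bin" "$root/tmp"
    # Legitimate set-UID root program (a stand-in for /usr/bin/passwd).
    printf '#!/bin/sh\n' > "$root/usr/bin/passwd"
    chmod 4755 "$root/usr/bin/passwd"      # leading 4 = set-UID, then rwxr-xr-x
    # Ordinary program, no set-UID.
    printf '#!/bin/sh\n' > "$root/usr/bin/cat"
    chmod 755 "$root/usr/bin/cat"

    baseline=$(mktemp)
    list_setuid "$root" > "$baseline"

    # The attacker's move: a hidden copy of a shell made set-UID, a classic root back door.
    cp /bin/sh "$root/tmp/.x"
    chmod 4755 "$root/tmp/.x"

    echo "ls -l shows the bit as 's' in the owner-execute slot:"
    ls -l "$root/tmp/.x"
    echo "new set-UID files since baseline:"
    new_setuid "$baseline" "$root"

    rm -rf "$root" "$baseline"
)

demo_setuid_baseline
```

On a real host, store the baseline somewhere the attacker cannot rewrite (off-box, or at least read-only media), and add `-perm -2000` for SetGID files; a modified-in-place SetUID binary keeps its path, so compare checksums of the baseline entries as well.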

39 Trust Relationships
• That is, trust between machines
  o Can specify which machines to trust
• Figure: Bob trusts Alice

40 Trust Relationships
• Unauthenticated access for users coming from a trusted machine
  o Since the trusted machine (presumably) already authenticated the user
• If trusted, the r-commands (rlogin, rsh, rcp) require no password
  o Also, the r-commands do not encrypt
• How does Bob know the trusted Alice is Alice?
  o Trust is keyed to a host name or IP address, which an attacker can spoof

41 Logs and Audit
• Created by the syslog daemon (syslogd)
• Typical log files
  o secure --- logins, successful and failed (/var/log/secure on Red Hat-style systems, /var/log/auth.log on Debian-style ones)
  o messages --- catch-all system log (/var/log/messages)
  o Individual app logs --- for specific apps

42 Logs and Audit
• Forensic info is also logged
• Attackers like to cover their tracks
• To do so, they may need to manipulate…
  o utmp --- who is logged in now (/var/run/utmp)
  o wtmp --- record of all logins and logouts (/var/log/wtmp)
  o lastlog --- time and location of each user's most recent login (/var/log/lastlog)
  o These are binary files, so tampering takes a tool or a script, not just an editor
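The "secure" log is the first place to look for password guessing. The script below is an added example, not from the slides: it runs detection logic over a few constructed syslog-format sshd lines (the hosts, IPs and PIDs are made up) and reports any source address that racked up three or more failed passwords and then logged in successfully, which is the signature of a guess that worked.

```shell
#!/bin/sh
# Added example, not from the slides: spot password guessing in sshd log lines.
# Constructed sample in the format syslogd writes to /var/log/secure or auth.log.
SAMPLE_SECURE_LOG='Feb  6 19:31:02 host sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Feb  6 19:31:05 host sshd[2103]: Failed password for root from 203.0.113.9 port 51030 ssh2
Feb  6 19:31:09 host sshd[2105]: Failed password for root from 203.0.113.9 port 51044 ssh2
Feb  6 19:31:12 host sshd[2107]: Accepted password for root from 203.0.113.9 port 51051 ssh2
Feb  6 19:40:00 host sshd[2200]: Failed password for fred from 198.51.100.7 port 40001 ssh2
Feb  6 19:45:10 host sshd[2250]: Accepted publickey for fred from 10.0.0.5 port 50512 ssh2
'

# summarize_ssh_auth TEXT: counts failed passwords per source IP and flags a
# successful login from an IP with 3 or more prior failures. Prints:
#   ALERT <ip>: <n> failures then successful login as <user>
#   ok    <ip>: login as <user>
#   fails <ip>: <n>            (totals, printed at the end)
summarize_ssh_auth() {
    printf '%s' "$1" | awk '
        function src_ip(line) { sub(/.* from /, "", line); sub(/ port .*/, "", line); return line }
        function user_of(line) { sub(/.* for /, "", line); sub(/ from .*/, "", line); return line }
        /sshd\[[0-9]+\]: Failed password for/ { fail[src_ip($0)]++ }
        /sshd\[[0-9]+\]: Accepted (password|publickey) for/ {
            ip = src_ip($0); user = user_of($0)
            if (fail[ip] >= 3)
                printf "ALERT %s: %d failures then successful login as %s\n", ip, fail[ip], user
            else
                printf "ok    %s: login as %s\n", ip, user
        }
        END { for (ip in fail) printf "fails %s: %d\n", ip, fail[ip] }
    '
}

summarize_ssh_auth "$SAMPLE_SECURE_LOG"
```

Two caveats for real logs: the threshold of three is arbitrary and should be tuned to the host, and a log an attacker could edit (slide 42) is only trustworthy if syslogd also ships a copy to a remote log host.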

43 Common Network Services
• Telnet --- command-line remote access
  o No encryption; the session can be hijacked, …
• FTP --- file transfer
  o Insecure, like telnet
• SSH --- encrypted "tunnel"
  o Then safe to use unsafe services through it
  o SSH version 1 is insecure, version 2 is good

44 Common Network Services
• HTTP --- Web
  o Source of many attacks
• Email --- sendmail, several security issues
• r-commands --- rlogin, rsh, rcp
  o Considered very insecure
• DNS --- domain names to IP addresses
  o Critical service, a good one for attackers…

45 Common Network Services
• NFS --- transparently access files across the network
  o An NFS server "exports" directories
  o A local machine can "mount" these, so the files appear to be locally accessible
  o Like FTP without all the trouble of FTP-ing
  o Of course, exporting too much (to too many hosts, or writable) may be bad
• X Window System --- X11 (or just "X")
  o The underlying GUI service in UNIX
  o The X server controls the screen and provides the service
  o Must limit who can display on/access your screen (never "xhost +", which admits every host)
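"Exporting too much" has a concrete shape in /etc/exports. The script below is an added example, not from the slides: it parses exports-style lines (Linux exports(5) syntax, `path client(options)`), and shows a weak export next to its corrected form. The `no_root_squash` option and the default `root_squash` behaviour are Linux NFS facts that the slide does not mention; the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the slides: audit /etc/exports-style lines.
# Format (exports(5) on Linux): /path client1(options) client2(options) ...
# Constructed sample; on an NFS server feed it "$(cat /etc/exports)".
SAMPLE_EXPORTS='# weak: every host, writable, and a remote root stays root on our files
/home      *(rw,no_root_squash)
# weak: every host can read it, though remote root is at least squashed
/srv/pub   *(ro,root_squash)
# corrected: one subnet, read-only, remote root mapped to nobody
/home      10.0.0.0/24(ro,sync,root_squash)
/var/nfs   10.0.0.7(rw,sync,no_subtree_check)
'

# audit_exports TEXT: one line per export entry, WARN with the reasons or ok.
audit_exports() {
    printf '%s' "$1" | while read -r path rest; do
        case "$path" in ''|'#'*) continue ;; esac
        set -f                                   # keep "*" from matching local file names
        for entry in $rest; do
            client=${entry%%"("*}                # text before "(" (empty or "*" means everyone)
            opts=${entry#*"("}; opts=${opts%")"} # text between the parentheses
            findings=""
            case "$client" in ''|'*') findings="world-exported" ;; esac
            case ",$opts," in *,no_root_squash,*) findings="$findings remote-root-stays-root" ;; esac
            case ",$opts," in
                *,rw,*) case "$client" in ''|'*') findings="$findings world-writable" ;; esac ;;
            esac
            if [ -n "$findings" ]; then
                printf 'WARN %s -> %s (%s): %s\n' "$path" "${client:-*}" "$opts" "${findings# }"
            else
                printf 'ok   %s -> %s (%s)\n' "$path" "$client" "$opts"
            fi
        done
    done
    return 0
}

audit_exports "$SAMPLE_EXPORTS"
```

Even the corrected lines rely on the client's IP address, which is the same weakness as the r-commands' trust: classic NFS believes the UID the client presents, so restricting exports to hosts you control is a floor, not a guarantee.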

46 Conclusion
• UNIX/Linux
• Popular OSs
• More than 30 years old
• A fundamental part of the Internet
• Widely used OSs
• Platform of choice for many attackers

47 Summary

